new clicky thingies.

git-svn-id: file:///svn/phpbb/trunk@8156 89ea8834-ac86-4346-8a33-228a782c2dd0
author: Henry Sudhof <kellanved@phpbb.com> 2007-10-09 11:21:08 +0000
committer: Henry Sudhof <kellanved@phpbb.com> 2007-10-09 11:21:08 +0000
commit: ea9c1d7ea9fce82cc3b7a87b52d1c3005927a26d (patch)
tree: 5cc400e4b41eeacff63feef8ed5770f77e21abd3 /phpBB/includes
parent: e8b2c4128ec285314ce6c58d3989a9c92f8a456c (diff)
download: forums-ea9c1d7ea9fce82cc3b7a87b52d1c3005927a26d.tar
forums-ea9c1d7ea9fce82cc3b7a87b52d1c3005927a26d.tar.gz
forums-ea9c1d7ea9fce82cc3b7a87b52d1c3005927a26d.tar.bz2
forums-ea9c1d7ea9fce82cc3b7a87b52d1c3005927a26d.tar.xz
forums-ea9c1d7ea9fce82cc3b7a87b52d1c3005927a26d.zip
3 files changed, 32 insertions, 12 deletions
diff --git a/phpBB/includes/acp/acp_board.php b/phpBB/includes/acp/acp_board.php
index 95b792593f..4d467b6895 100644
--- a/phpBB/includes/acp/acp_board.php
+++ b/phpBB/includes/acp/acp_board.php
@@ -223,6 +223,8 @@ class acp_board
 						'enable_confirm'		=> array('lang' => 'VISUAL_CONFIRM_REG',	'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'max_login_attempts'	=> array('lang' => 'MAX_LOGIN_ATTEMPTS',	'validate' => 'int',	'type' => 'text:3:3', 'explain' => true),
 						'max_reg_attempts'		=> array('lang' => 'REG_LIMIT',				'validate' => 'int',	'type' => 'text:4:4', 'explain' => true),
+						'min_time_reg'			=> array('lang' => 'MIN_TIME_REG',			'validate' => 'int',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'min_time_terms'		=> array('lang' => 'MIN_TIME_TERMS',		'validate' => 'int',	'type' => 'text:3:3', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
 
 						'legend3'			=> 'COPPA',
 						'coppa_enable'		=> array('lang' => 'ENABLE_COPPA',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
@@ -327,6 +329,8 @@ class acp_board
 						'tpl_allow_php'			=> array('lang' => 'TPL_ALLOW_PHP',			'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
 						'form_token_lifetime'	=> array('lang' => 'FORM_TIME_MAX',			'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
 						'form_token_mintime'	=> array('lang' => 'FORM_TIME_MIN',			'validate' => 'int',	'type' => 'text:5:5', 'explain' => true, 'append' => ' ' . $user->lang['SECONDS']),
+						'form_token_sid_guests'	=> array('lang' => 'FORM_SID_GUESTS',		'validate' => 'bool',	'type' => 'radio:yes_no', 'explain' => true),
+
 					)
 				);
 			break;
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index b88d1d9e30..aa7729d406 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -2006,9 +2006,10 @@ function meta_refresh($time, $url)
 */
 function add_form_key($form_name)
 {
-	global $template, $user;
+	global $config, $template, $user;
 	$now = time();
-	$token = sha1($now . $user->data['user_form_salt'] . $form_name);
+	$token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
+	$token = sha1($now . $user->data['user_form_salt'] . $form_name . $token_sid);
 
 	$s_fields = build_hidden_fields(array(
 			'creation_time' => $now,
@@ -2029,7 +2030,7 @@ function add_form_key($form_name)
 */
 function check_form_key($form_name, $timespan = false, $return_page = '', $trigger = false, $miniumum_time = false)
 {
-	global $user, $config;
+	global $config, $user;
 
 	if ($timespan === false)
 	{
@@ -2039,6 +2040,7 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg
 	{
 		$miniumum_time = $config['form_token_mintime'];
 	}
+	
 	if (isset($_POST['creation_time']) && isset($_POST['form_token']))
 	{
 		$creation_time	= abs(request_var('creation_time', 0));
@@ -2046,9 +2048,11 @@ function check_form_key($form_name, $timespan = false, $return_page = '', $trigg
 
 		$diff = (time() - $creation_time);
 
-		if (($diff > $miniumum_time) && (($diff < $timespan) || $timespan == -1))
+		if (($diff >= $miniumum_time) && (($diff <= $timespan) || $timespan == -1))
 		{
-			$key = sha1($creation_time . $user->data['user_form_salt'] . $form_name);
+			$token_sid = ($user->data['user_id'] == ANONYMOUS && !empty($config['form_token_sid_guests'])) ? $user->session_id : '';
+			
+			$key = sha1($creation_time . $user->data['user_form_salt'] . $form_name . $token_sid);
 			if ($key === $token)
 			{
 				return true;
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php
index 4b409daed5..f75a6c5a51 100644
--- a/phpBB/includes/ucp/ucp_register.php
+++ b/phpBB/includes/ucp/ucp_register.php
@@ -44,14 +44,22 @@ class ucp_register
 		$change_lang	= request_var('change_lang', '');
 		$user_lang		= request_var('lang', $user->lang_name);
 
-		add_form_key('ucp_register');
 
 		// not so fast, buddy
-		if (($submit && !check_form_key('ucp_register', false, '', false, 5))
-			|| (!$submit && !check_form_key('ucp_register', false, '', false, 1)))
+		if (($submit && !check_form_key('ucp_register', false, '', false, $config['min_time_reg']))
+			|| (!$submit && !check_form_key('ucp_register_terms', false, '', false, $config['min_time_terms'])))
 		{
 			$agreed = false;
 		}
+		
+		if ($agreed)
+		{
+			add_form_key('ucp_register');
+		}
+		else
+		{
+			add_form_key('ucp_register_terms');
+		}
 
 
 		if ($change_lang || $user_lang != $config['default_lang'])
@@ -121,8 +129,8 @@ class ucp_register
 
 					'S_SHOW_COPPA'		=> true,
 					'S_HIDDEN_FIELDS'	=> build_hidden_fields($s_hidden_fields),
-					'S_UCP_ACTION'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register' . $add_lang))
-				);
+					'S_UCP_ACTION'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register' . $add_lang),
+				));
 			}
 			else
 			{
@@ -132,7 +140,9 @@ class ucp_register
 					'S_SHOW_COPPA'		=> false,
 					'S_REGISTRATION'	=> true,
 					'S_HIDDEN_FIELDS'	=> build_hidden_fields($s_hidden_fields),
-					'S_UCP_ACTION'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register' . $add_lang . $add_coppa))
+					'S_UCP_ACTION'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register' . $add_lang . $add_coppa),
+					'S_TIME'			=> 1000 * (int)$config['min_time_terms'],
+					)
 				);
 			}
 
@@ -518,7 +528,9 @@ class ucp_register
 			'S_CONFIRM_CODE'	=> ($config['enable_confirm']) ? true : false,
 			'S_COPPA'			=> $coppa,
 			'S_HIDDEN_FIELDS'	=> $s_hidden_fields,
-			'S_UCP_ACTION'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'))
+			'S_UCP_ACTION'		=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=register'),
+			'S_TIME'			=> 1000 * (int)$config['min_time_reg'],
+			)
 		);
 
 		//
author	Henry Sudhof <kellanved@phpbb.com>	2007-10-09 11:21:08 +0000
committer	Henry Sudhof <kellanved@phpbb.com>	2007-10-09 11:21:08 +0000
commit	ea9c1d7ea9fce82cc3b7a87b52d1c3005927a26d (patch)
tree	5cc400e4b41eeacff63feef8ed5770f77e21abd3 /phpBB/includes
parent	e8b2c4128ec285314ce6c58d3989a9c92f8a456c (diff)
download	forums-ea9c1d7ea9fce82cc3b7a87b52d1c3005927a26d.tar forums-ea9c1d7ea9fce82cc3b7a87b52d1c3005927a26d.tar.gz forums-ea9c1d7ea9fce82cc3b7a87b52d1c3005927a26d.tar.bz2 forums-ea9c1d7ea9fce82cc3b7a87b52d1c3005927a26d.tar.xz forums-ea9c1d7ea9fce82cc3b7a87b52d1c3005927a26d.zip